Learning Latent Events From Network Message Logs

We consider the problem of separating error messages generated in large distributed data center networks into error events. In such networks, each error event leads to a stream of messages generated by hardware and software components affected by the event. These messages are stored in a giant message log. We consider the unsupervised learning problem of identifying the signatures of events that generated these messages; here, the signature of an error event refers to the mixture of messages generated by the event. One of the main contributions of the paper is a novel mapping of our problem which transforms it into a problem of topic discovery in documents. Events in our problem correspond to topics and messages in our problem correspond to words in the topic discovery problem. However, there is no direct analog of documents. Therefore, we use a non-parametric change-point detection algorithm, which has linear computational complexity in the number of messages, to divide the message log into smaller subsets called episodes, which serve as the equivalents of documents. After this mapping has been done, we use a well-known algorithm for topic discovery, called LDA, to solve our problem. We theoretically analyze the change-point detection algorithm, and show that it is consistent and has low sample complexity. We also demonstrate the scalability of our algorithm on a real data set consisting of 97 million messages collected over a period of 15 days, from a distributed data center network which supports the operations of a large wireless service provider.
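The mapping described in the abstract (messages as words, episodes as documents, events as topics) can be illustrated with a short added example; this is not the paper's code. The sliding-window total-variation detector below is a simple stand-in for the paper's non-parametric change-point algorithm, whose details are not given here, and the message names, window size and threshold are constructed assumptions.

```python
from collections import Counter

def tv_distance(a, b):
    """Total variation distance between the message-type mixes of two windows."""
    ca, cb = Counter(a), Counter(b)
    return 0.5 * sum(abs(ca[k] / len(a) - cb[k] / len(b)) for k in ca.keys() | cb.keys())

def change_points(types, w=20, threshold=0.5):
    """Stand-in detector (an assumption, not the paper's algorithm): score each
    position by how much the mix of the w messages before it differs from the
    w messages after it, and keep local maxima above the threshold."""
    scores = [tv_distance(types[i - w:i], types[i:i + w])
              for i in range(w, len(types) - w + 1)]
    cps = []
    for j, s in enumerate(scores):
        i = j + w                                   # index into the message log
        neighbourhood = scores[max(0, j - w):j + w + 1]
        if s >= threshold and s == max(neighbourhood) and (not cps or i - cps[-1] >= w):
            cps.append(i)
    return cps

def episodes_to_documents(types, cps):
    """Cut the log at the change points; each episode becomes a bag-of-messages
    'document' that a topic model such as LDA can take as input."""
    bounds = [0, *cps, len(types)]
    return [Counter(types[a:b]) for a, b in zip(bounds, bounds[1:])]

def sample_log():
    """Constructed log, ordered by time: event A alone, then event B alone,
    then events A and C active at once (their messages interleave)."""
    a = ["LINK_DOWN", "BGP_FLAP"]
    b = ["FAN_FAIL", "TEMP_HIGH"]
    a_and_c = ["LINK_DOWN", "DISK_ERR", "BGP_FLAP", "RAID_DEGRADED"]
    return ([a[i % 2] for i in range(40)]
            + [b[i % 2] for i in range(40)]
            + [a_and_c[i % 4] for i in range(40)])

if __name__ == "__main__":
    log = sample_log()
    cps = change_points(log)
    for n, doc in enumerate(episodes_to_documents(log, cps)):
        print(f"episode {n}: {dict(doc)}")
```

The third episode mixes the messages of two events, which is why a topic model is applied to the episodes rather than treating each episode as a single event.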
